I suggest adding a nagios alert set for a couple of weeks before the next key expiration date.
Nagios can be configured to run this service check once per day...
and it could even be something super simple like this:

If people want their copy of the key update via the deb.torproject.org-keyring package, they will have to apt-get update and upgrade before we either release the next set of debs or, if we don't do that any time soon, then no later than October 10th. (Right now the Release file is signed with the primary key. New releases will sign those files with the previously expired subkey.)

Of course users are always free to manually update their copy of the key from the keyserver network using